SitusAMC, a major real estate finance vendor that provides services to large United States banks, disclosed that it experienced a cyber incident that may have exposed data linked to several financial institutions. The company reported the breach on November 12 and stated that the attackers gained access to internal systems that store documents and records processed on behalf of clients. SitusAMC told affected institutions that some customer-related information held within these systems may also have been accessed. The firm said the breach has been contained and that its operations resumed after technical controls were restored. The scope of the compromised data has not yet been confirmed.
The incident has drawn attention because SitusAMC works with many well-known banks, including JPMorgan Chase, Citigroup, and Morgan Stanley. These organisations rely on the vendor for mortgage processing, underwriting support, and accounting functions tied to loan portfolios. Documents handled through the platform can include financial statements, payment histories, legal records, and property information. If data belonging to bank customers were stored in the affected environment, exposure could involve sensitive financial details. Each institution is now reviewing its own records to determine whether client information may have been impacted.
SitusAMC has not disclosed the number of affected customers or the volume of data involved. The company stated that it is cooperating with law enforcement and external specialists. It has notified regulatory bodies as required and informed client organisations of the potential exposure. Because the breach involved a supplier rather than a bank’s internal network, financial institutions must rely on the vendor’s findings to assess risk. This dynamic highlights the challenges organisations face when relying on third-party providers to process or store critical information.
Third-party incidents are a growing problem in sectors that depend on complex technical supply chains. Banks often use external platforms for mortgage origination, servicing, and analytics because of the scale of documentation involved. When one of these providers experiences a breach, the potential for downstream risk extends across multiple institutions. Even if a bank’s internal systems remain secure, data stored with a vendor can provide attackers with information that supports identity theft, fraud, or targeted social engineering. The interconnected nature of financial services means that a single compromise can affect many organisations simultaneously.
Customers who may be connected to the institutions involved are advised to watch for unfamiliar transactions, account changes, or unexpected notifications. If attackers obtained financial documents or personal identifiers, they could attempt to impersonate customers or initiate fraudulent activity. Individuals should review account alerts, ensure that multi-factor authentication is active, and be cautious with unsolicited communications related to mortgages or account status. Banks typically contact customers directly if they identify confirmed exposure, and users should rely on official channels for updates.
The incident has prompted renewed questions about how financial institutions manage vendor security and oversight. Banks are required to vet external service providers, yet complete visibility into vendor systems can be difficult to maintain. The situation with SitusAMC may influence future regulatory discussions about auditing obligations, data segregation, and incident reporting. For now, the investigation continues, and the full extent of the breach will remain unclear until the company completes its review.